Sponsored Ads

The Web Security Mailing List

"Encryption support for configuration files was added to the .NET
Framework beginning with version 2.0. The .NET Framework libraries
include full support for controlling encryption and decryption in code.
I include examples in both VB.NET and C# to demonstrate the encrypting
and decryption of configuration file sections.

Encrypting configuration data improves application security by
making it difficult for users to view the data even if they access the
configuration file. There are two protected configuration providers
included with ASP.NET: RSAProtectedConfigurationProvider and
DPAPIProtectedConfigurationProvider. RSAProtectedConfigurationProvider
uses the RSACryptoServiceProvider to encrypt configuration sections
using RSA public key encryption to encrypt and decrypt data.
DPAPIProtectedConfigurationProvider uses the Windows Data Protection
API (DPAPI) to encrypt configuration sections using the built-in
cryptography capabilities of Windows. You can also create your own
protected settings providers if needed. While a user will have a hard
time dealing with encrypted data, ASP.NET has no problems. You can use
both of these providers in ASP.NET code. "